Red Hat offers cluster administrators the Network Observability Operator to observe the network traffic for OpenShift Container Platform clusters. The Network Observability Operator uses the eBPF technology to create network flows. The network flows are then enriched with OpenShift Container Platform information and stored in Loki. You can view and analyze the stored network flows information in the OpenShift Container Platform console for further insight and troubleshooting.
The Network Observability Operator requires the following Operators:
Loki: You must install Loki. Loki is the backend that is used to store all collected flows. It is recommended to install Loki by installing the Red Hat Loki Operator for the installation of Network Observability Operator.
Grafana: You can install Grafana for using custom dashboards and querying capabilities, by using the Grafana Operator. Red Hat does not support Grafana Operator.
Kafka: It provides scalability, resiliency and high availability in the OpenShift Container Platform cluster. It is recommended to install Kafka using the AMQ Streams operator for large scale deployments.
The Network Observability Operator provides the Flow Collector API custom resource definition. A Flow Collector instance is created during installation and enables configuration of network flow collection. The Flow Collector instance deploys pods and services that form a monitoring pipeline where network flows are then collected and enriched with the Kubernetes metadata before storing in Loki. The eBPF agent, which is deployed as a
daemonset object, creates the network flows.
OpenShift Container Platform console integration offers overview, topology view and traffic flow tables.
The OpenShift Container Platform console offers the Overview tab which displays the overall aggregated metrics of the network traffic flow on the cluster. The information can be displayed by node, namespace, owner, pod, and service. Filters and display options can further refine the metrics.
In Observe → Dashboards, the Netobserv dashboard provides a quick overview of the network flows in your OpenShift Container Platform cluster. You can view distillations of the network traffic metrics in the following categories:
Top flow rates per source and destination namespaces (1-min rates)
Top byte rates emitted per source and destination nodes (1-min rates)
Top byte rates received per source and destination nodes (1-min rates)
Top byte rates emitted per source and destination workloads (1-min rates)
Top byte rates received per source and destination workloads (1-min rates)
Top packet rates emitted per source and destination workloads (1-min rates)
Top packet rates received per source and destination workloads (1-min rates)
You can configure the
spec.processor.metrics to add or remove metrics by changing the
ignoreTags list. For more information about available tags, see the Flow Collector API Reference
Also in Observe → Dashboards, the Netobserv/Health dashboard provides metrics about the health of the Operator.
The OpenShift Container Platform console offers the Topology tab which displays a graphical representation of the network flows and the amount of traffic. The topology view represents traffic between the OpenShift Container Platform components as a network graph. You can refine the graph by using the filters and display options. You can access the information for node, namespace, owner, pod, and service.